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0 SECRET 41 


DIRECTOR OF CENTRAL INTELLIGENCE 

Security Committee 


SECOM-D-245 
7 December 1983 


MEMORANDUM FOR: Deputy Director, Intelligence Community Staff 
25X1 FROM: 

Chairman 

25X1 SUBJECT,: Proposed SECOM Response to DCI Request 


1. Attached for your approval is a proposed response to the DCI's 

28 November 1983 memo randum, r equesting additional information about SECOM's 
25X1 status report to him. | 

2. The DCI's offer to weigh in on the leak problem is gratifying, but 
the risk at this time of unfavorab le publicity seems to outweigh the likeli- 

25X1 hood of positive results. I 


3. The request for the comparison of PD-24 and the proposed NSDD on 
communications and computer security probably can be fulfilled best by pro- 
viding the IC Staff's 28 October 1983 input to the DDCI. Subject to your 
approval, I have i ncluded that document as an attachment to the SECOM 
25X1 response. 


25X1 


Attachment 


Regraded CONFIDENTIAL When 
Separated- from Attachment 

WARNING NOTICE - INTELLIGENCE 
SOURCES OR METHODS INVOLVED 
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SUBJECT: Proposed SECOM Response to DCI Request 
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1 - ICS Registry w/att 
1 - SECOM Subj w/att 
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SECRET 


DIRECTOR OF CENTRAL INTELLIGENCE 

Security Committee 


SEC0M-D-243 
7 December 1983 


MEMORANDUM FOR: Director of Central Intelligence 

VIA: Deputy Director of Central Intelligence 

Director, Intelligence Community Staff 


FROM: 

Chairman 

SUBJECT: Security Committee Activities 

REFERENCE: DCI Memorandum to C/SECOM, dated 28 November 1983 


1. In your response (Reference) to the Security Committee's recent 
status report, you asked (a) how prior DCI's have weighed in on the leak 
problem and (b) to see the comparison of PD-24 and the proposed NSDD on 
conmuni cations and computer security. [ 


2. Regarding leaks, you have exceeded by a considerable margin the 
efforts of the other DCI's to weigh in on the problem. The videotape you 
made in June is being shown around the Community and is being favorably 
received. Because of severe current press criticism of Administration 
anti-leak efforts, it is unlikely that putting the DCI's prestige on the 
line at this time would serve a useful purpose. Your continued support 


.of FBI i nvestiaa 
results. 


tion of specific leaks, however, could bring positive 


3. The effort to replace PD-24 with a single NSDD covering both com- 
munications and computer security has been overtaken by events. The IC 
Staff input to the DDCI on this. matter, including the SECOM comparison you 
requested, is attached. A draft replacement for PD-24, concernin g only 
COMSEC, has been prepared and is being reviewed in the Community. t 


4. Please advise if further information is desired. 
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SUBJECT: Security Committee Activities 


Distribution: 

Orig - Addressee w/att 

1 - DDCI w/att 

2 - ER w/att 

1 - D/ICS w/att 
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DCI/ICS 83-4044 
28 October 1983 


MEMORANDUM FOR: Deputy Director of Central Intelligence 


FROM: 


SUBJECT: 


Director, Intelligence Conmumty Staff 

Concern Relating to the Proposed Revision 
of PD/NSC-24 


1 A proposed revision to PD/NSC-24 (Telecommunications Protection 
Policy) has been formulated by Ken deGraffenreid of the NSC and selected 
members of the National Communications Security Committee (NCSC). The 
revision is based on the findings of the Countermeasures Organ iza tion Study 
produced under the auspices of the Senior Interagency Group (lnte 111 gence) in 
July 1983 in response to NSSD-2. Under this revision, PD/NSC-24 will be 
entitled "National Policy on Telecommunications and Automated Information 
Svstems Security"— a significant expansion in the scope of activities 
covered. This memorandum highlights the concerns and conments expressed by 
the IC Staff, CIA/OC, and CIA/OGC regarding the Proposed revision. 

Attachments 1, 2, and 3 (which were developed by the DCI*s Security Committee, 
CIA/OC, and CIA/OGC, res pectiv ely) provide comparisons of the proposed NSDD 
with the present PD-24. 


2 . All parties are agreed that there is a need for national policies for 
the protection of telecommunications and automated information systems. The 
proposed revision would establish a single national policy and management 
structure covering both disciplines. Although there is philosophical 
aareement that separate policies might leave gaps in the protection of 
information as the technologies of the two disciplines converge, concerns were 
raised over the feasibility of managing a consolidated effort, particularly in 
view of the expanded scope of the systems addressed in the current proposal. 


3. The proposed NSDD identifies the Secretary of Defense as the 
Executive Agent of the Government for Telecommunications and Automated Systems 
Security. There is some concern within the IC Staff and CIA/OC over the 
appropriateness of having the Secretary in this role because the proposed NSDD 
expands security to include information affecting privacy of US p ersons. 
Several other related concerns are identified in the attachments. 


4. There is unanimous concern that the proposed NSDD does not accurately 
recognize the DCI's statutory responsibilities and authorities. Several 
actions in particular in the proposed NSDD could severely impact the DCI's 
ability to carry out his responsibilities. These include: 

This memo is downgraded to CONFIDENTIAL 
upon removal of attachments. ~ 


WARNING NOTICE 
INTELLIGENCE SOURCES 
OR METHODS 
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... . lolrt „ ont nf » consolidated resources program and budget 
foraulationtf the HFIP end Impact Intelligence Community priorities. 

« b ‘ f or^Tel econmuni cat i ons^and * Information* Systems^ecur 1 ty* ^ assumes ' 

^HSSKasaaJSMuans 

C1A/0S/1SSG. 

missions from FBI, CIA, and D1A. 

. , maniiirpmpnt that DCI provide DIRNSA with "unique handling 

^*rsmtnt« q associated with the protection of sensitive compartmented 

responsibilties and authorities. I 

, nil *w a Mnr p f „e identified in the attachments should be addressed by 
the c^igi^before the NSDD 

Sf^SyjrrSjiSb???? r^uS^ll^e DC. and other 
government executives identified in the draft. 


respective COMSEC missions u ? the Executive Agent for the DOD 

under the auspices of the HCSC. » currently is also responsible for 

Computer Security Evalu.t’on Cente^JKEC^CurrentJy^s^.^ ^ p J ep , r , t(on of 

generic computer secu y . sy5 Computer Security Program," which 

and budgeting for the o J 0 ^K nS a ®d°ii other DOD branches and agencies* 

trtWi??U l^JtIr security. CSEC d oes not have computer security 

responsibilities outside of DOD. 


7 in the oroDOsed PD/NSC-24, DIRNSA would assume government-wide 
between DIRNSA and the Executive Agent. 


S- .JZSfZ&S*? t£ newly^established DOD 

« b spny u s^er£ th « co«scc r 

t ird»h the situation in an eguitahle 

fashion. 
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25X1 


25X1 


It is reconwended that: 

o an official DCI response to this proposed NSDD |j® 5 by 
the IC Staff in coordination with CIA/OGC, CIA/OS/ISSG, and 

CIA/OC; 

o the existing policies promulgated under the NCSC remain in effect 
until the draft NSDD has been revised to address the concerns 
stated in this memorandum; 

o the new draft NSDD be properly staffed with the agencies under 
the existing NCSC; and 

o that progress be deliberate so as to allow incorporation of the 
results of the DCI's Computer Security Project. 


Attachments: a/s 
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SUBJECT: Concern Relating to the Proposed Revision 
of PD/NSC-24 


Distribution: 

Orig - DDCI 

1 - Executive Registry 
1 - Office of 6eneral Counsel 
1 - D/OC 
1 - D/OS 
1 - SECOM 
1 - D/ICS 
1 - D/PPS 
1 - ICS Registry 
1 - IHC Subject (L6S) 

1 - IHC Chrono 


25X1 


ICS/IHty 


28 Oct 83) 
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COMPARISON OF PROPOSED NSDD WITH 

PD-24 


NSDD 

PD-24 

CHANGE 

CONSEQUENCES 

• 

General 

General 

Expands scope to Include all automated 
systems Including word processors. 

Raises questions of feasibility of 
managing consolidated effort. 


1 

2 

Expands security mission to include 
information affecting privacy of U.S. 
persons. 

Raises questions of Executive Agent's 
and National Manager's suitability 
to represent entire Government's’ 
privacy interests. 

• 

2c, 6b 

2c, d 

Adds provision for the Government to 
formulate strategies and measures for 
providing protection for "systems 
which handle nongovernment informa- 
tion the loss of which could adversely 
affect the national interest or the 
rights of U.S. persons...." Explicit 
responsibilities and mechanisms to 
implement this policy are not pro- 
vided but must devolve on the DIRNSA. 

The propriety of this goal, and its 
pursuit by a military agency, are legal 
issues which should be explored by the 
Attorney General. 


3 

4 

Replaces PD-24-based National Commu- 
nications Security Committee with a 
Steering Group and National Telecom- 
munications and Information Systems 
Security Committee (NTISSC). 

The breadth of issues covered raises 
questions of who should be represented 
on these groups, and what other organi- 
zations are affected. 




CONFIDENTIAL 
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COMPARISON OF PROPOSED NSDD WITH PD-24 
Page 2 


NSDD 

3c 



3d 


4b(3) 



5 


PD-24 
no ref. 


4g 


no ref. 


4c 


CHANGE 

Empowers Steering Group to approve 
“consolidated resources program 
and budget proposals" for national 
telecommunications and information 
systems security. 

Centralizes review of systems' 
security status by the Steering Group. 


NTISSC to "administer matters per- 
taining to the release of sensitive 
security information, techniques and 
materials to foreign governments or 
international organizations (except 
in intelligence operations managed 
by the Director, Central Intelligence 
Agency) ." 

Makes’ SecDef Executive Agent for Auto- 
mated Systems Security as well as for 
Telecommunications Security. Expands 
his executive agent role to cover all 
electronic information, not just 
"national security" information as 
before. 


CONSEQUENCES 

Restructures budget review process for 
these areas, with significant impact 
on DC I role for NFIP and on department 
and agency head authorities to set 
priorities. 

Implies migration of accreditation 
approval responsibilities from depart- 
ments and agencies to the Steering Group, 
which would be separated from the 
environment to be accredited. 

Supersedes the DCI's E.O. 12333 authori- 
ties to prescribe policies for and 
coordinate foreign intelligence relation- 
ships (except for DDO operations). 


Considering the rapid expansion of word 
processing, makes SecDef Executive Agent 
for all Government information 
processing. 


CONFIDENTIAL 
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COMPARISON OF PROPOSED NSDD WITH PD-24 
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NSDD PD-24 


CHANGE 


CONSEQUENCES 


5 4d 



5f 


no ref. 


5g no ref. 



6 


no ref. 


6a, e no ref. 


Secretary of Commerce out as Execu- 
tive Agent for unclassified, non- 
national security information, and 
for commercial and private sector 
information. 

Empowers SecDef to "procure for and 
provide to government agencies, and 
where appropriate, to private institu- 
tions (including Government contractors) 
and foreign governments, equipment and 
other materials. M 


Empowers SecDef to develop and submit 
a National Telecommunications and 
Information Systems Security Program 
budget, "including funds for the pro- 
curement and provision of equipment and 
materials" Government (and contractor) 
wide. 

The DIRNSA would be responsible for 
carrying out the foregoing responsi- 
bilities of the Secretary of Defense 
as Executive Agent. 

Empowers DIRNSA to "empirically 
examine Government telecommunications 
and automated information systems and 
evaluate their vulnerability to hostile 
Interceptions and exploitation." 


Severely curtails Bureau of Standards 
role and functions. Raises question 
of legal propriety of military respon- 
sibility for this area. 


GSA, and department and agency heads 
with delegated authority, would lose 
the right to procure computers and word 
processors . Central 1 zed procurement 
would make it very difficult to meet 
schedule and individual agency require- 
ments. 

Seriously affects the budget cycle, 
department and agency head administra- / 
tive prerogatives, and DCI role in NFIP. 
Raises questions of feasibility of dis- 
charging this responsibility. 


All previously itemized SecDef respon- 
sibilities may be delegated to DIRNSA. 


Shifts security accreditation responsi- 
bility for all Government and contractor 
telecommunications and information 
systems to DIRNSA. 


CONFIDENTIAL 
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COMPARISON OF PROPOSED NSDD WITH 
Page 4 

PD-24 


NSOD 

PD-24 

CHANGE 

CONSEQUENCES 

• 

6b 

no ref. 

Empowers DIRNSA to develop and approve 
“all standards, techniques, systems 
and equipment" "related to cryptog- 
raphy, communications security and 
trusted computer and automated infor- 
mation systems." 

Entire Government must use DIRNSA spe- 
cified standards, techniques, systems 
and equipment. 


6b, e 

no ref. 

Empowers DIRNSA to perform all 
Government-sponsored R&D for telecom- 
munications and information systems 

Eliminates such roles for CIA (ISSG and 

ORD), DOE (LLL, etc.). Bureau of 

Standards, GSA and others. 


6b, 10a 

4g 

Removes PD-24 authority of heads of 
Federal departments and agencies to 
organize and conduct their commu- 
nications security and emanations 
security activities as they see fit, 
and vests this responsibility with 
the DIRNSA. 

In CIA, for example, removes OC COMSEC 
and OS ISSG missions. 

# 

6b 

no ref. 

Empowers DIRNSA to conduct liaison 
with foreign governments and inter- 
national organizations. 

Impacts formal and informal roles of DCI, 
State Department and Commerce Department 
in many relationships. 


6b 

no ref. 

Empowers DIRNSA to conduct all 
security-related liaison with 
private institutions. 

Removes Bureau of Standards role with 
American National Standards Institute, 
Question of legal propriety arises 
again. 


6c 

no ref. 

Empowers DIRNSA to operate 
industrial facilities to provide 
"cryptographic and other sensitive 
security materials or services." 

Precludes any other agencies from working 
or contracting in those areas. Could 
impact private sector research into 
security methods. 




CONFIDENTIAL 
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COMPARISON OF PROPOSED NSDD WITH PD-24 
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NSDD PD-24 


CHANGE 


CONSEQUENCES 


6d no ref. 


6g,10b 


no ref. 


7 


no ref. 


Empowers DIRNSA to assess and dis- 
seminate information on hostile 
threats to telecommunications and 
automated Information systems. 

Requires department and agency heads 
to provide DIRNSA all Information "he 
may need to discharge the responsi- 
bilities assigned...." 

Requires DCI to provide DIRNSA with 
"unique handling requirements associ- 
ated with the protection of sensitive 
compartmented intelligence." 


Removes analysis missions from CIA and 
DIA, such as technology transfer and 
Soviet technology. 


DIRNSA specifies what he wants; others 
have to provide. 


DIRNSA free to accept, modify or reject 
requirements. Does not accurately recog 
the DCI's statutory responsibilities and 
authorities. 


CONFIDENTIAL 
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NS C/PP-24 
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Established the national policy 1. Expanded to Include An tana ted 

for the protection of teleaannunl- information Systems 

cations ONLY . 


1. The inplementatlon of the proposed NS DO 
by deparbnents/agencies (Treasury and 
Energy for example) where all information 
handling systems (including teleccmaini- 
catlons) are under centralized management 
will have mlniiiun impact. The other 
civilian and military organizations will 
have difficulty implementing the proposed 
NSDD because of the dlveraif ied management 
of telecommunications and automated 


information systems. 


2. The secretary of Defense was 
designated as the Executive 
Agent for Cawnunications Security 
(OGMSBC) (para 4.c). 

The National Communications Secur- 
ity Committee (NCSC) ; chaired by 
the Assistant Secretary of Defense 
for Conmunl cat ions Command, Control 
and Intelligence; was established 
as a national COMSBC framework for 
the conduct of COMSEC activities 
within the Government. NSA was a 
voting member of the NCSC and the 
charter functions of NSA were 
clearly defined. 


Within the Agency, OC is responsible for 
telecommunications and the automated 
systems used in support of teleoamuni- 
cations. OOP and OS/ISSG are responsible 
for the security of the remainder of the 
automated information systems. 


2 . 


The Secretary of Defense is deslg- 2. 
nated as the Executive Agent of the 
Goverrment for Telecormuni cat ions 
and Automated Systems Security. 

The Director, National Security Agency 
is designated as the National Manager 
for Teleoonmini cat ions and Information 
Systems Security and is responsible 
for carrying out the responslbilltfes 
for the Secretary of Defense as ’™' 
Defense as Executive Agent . 


Under PD-24 the Director, NSA was a coequal 
with nine other regular members of the NCSC. 
With the chairmanship of the NCSC at the 
AsstSec Def level NSA could not unduly 
Influence national standards or 
priorities. 

Under the proposed NSDD the Director of NSA 
will have a predominant rede in determining 
the future of telecxrmunications and 
aut omated information ays terns utilization 
within the Government . The designation 
of the Director, kSA as the National 


TT»e NCSC is replaced by the National 
Telecommunications and Information 
Systems Security Committee with an 
expanded membership. 

A Steering Group consisting of the 
Secretary of Defense, the Director of 
Central Intelligence, the Director of/ 
OMB, and chaired by the Assistant to * 
the President for National Security 
Affairs is established to oversee the 
implementation of the NSDD. 


Manager for Teleooimunications and Infor- 
mation Systems Security should be 
stricken from the proposed NSDD. 


This is a significant reduction in the 
authorities of the DCI . 



CONFIDENTIAL 
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lUuiNll/AL. 


NSC/TO-24 

3. provided Cor “a permanent interagency 3 
group, under the chairmanship of the 
Department of State, he established 
consisting of representatives of the 
Executive Office of the president, 
the Director of Central Intelligence, 
the Department of Defense, National 
Security Agency and the Department of 
Justice/Federal Bureau of Investiga- 
tion to review and if necessary to deny 
real estate acquisitions through lease 
or purchase by the USSR and other 
Coimeiist countries that present a 
potential serious threat to U.S. tele- 
ocnmunica t ions security. All foreign 
government leased or omed facilities 
in this country should be evaluated as 
to their possible use for intercept 
operations." 


4 . 


Approved For Release 2009/03 /23 : CIA-RDP94BQ0280RQ0 1 200040023- 


The only mention of this group is 
contained in paragraph 13 "Respon- 
sibility for the Interagency 
Count ttee On Real Estate Acquisition 
is transferred to the Office of 
Foreign Missions pursuant to 
PL 97-241, 24 August 1982." 


The thrust of PD-24 was to reduce or elimi- 
nate the vulnerability of unclassified 
information being passed via micrcwave 
and to ensure that classified or unclassi- 
fied but sensitive information was protected 
by adequate cryptographic systons. This 
thrust is lost in the proposed NS DO. 


PD-24 did not specifically address 
automated Information systems. 


4. Automated information systems are 
incorporated into the proposed NSDD 
without adequate definition of what 
is to be covered (computers, word 
processors, etc.). There are oblique 
references to a security architecture 
for systems without any specifics. 


4. There are a number of interagency 
committees that are concerned with 
ccnqputer security under the auspicies 
of SHOOM and the Department of Defense. 
If the proposed NS DO is approved. 
Director, NSA will be responsible for 
all systems. NSA has not demonstrated 
an expertise in this field. 


5. 


PD-24 very obligjely addresses 
threat assessments. 


The proposed NSDD Is very specific 
on threat assessments and tasks heads 
of departments and agencies to provide 
any information requested by NSA to 
determine the vulnerability of tele- 
ocmmunlca t ions and automated infor- 
mation systems. 


5. The exceptions under paragraphs 7 and ill 
are not adequate to resist Director, NSA 
tasking. 


CONFIDENTIAL 
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NSC/PD- 


LunnuLisiiAL 
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Paragraph 4.g states that "the heads 
of all departments and age ancles of 
the Federal Government shall organize 
and conduct their coimunications 
security and emanations security 
activities as they, see fit subject 
to the provisions of law, the pro- 
visions of this and other 
directives..." 


.Paragraph 6. a states that as the 6 

National Manager for Teleonmmuni- 
cations and Information Systems 
security the Director, NSA shall 
"enpirically examine" government 
teleocmnun lea t ions and automated 
information systems and evaluate 
their vulnerability to hostile 
interception and exploitation. 

Paragraph 11. b states that "nothing 
in this directive shall give the 
NTISSC, the Secretary of Defense, 
or the Director, National Security 
Agency authority to inspect the 
personnel or facilities of other 
departments and agencies without the 
approval of the head of such depart- 
ment or agency, nor to request or 
collect information concerning 
their operations for purposes not 
provided for herein." 


Although the wording of paragraph 11. b 
would imply that the Director, CIA could 
deny Director, NSA access to CIA facilities 
to "empirically examine" our teleocmmuni- 
cations and automated information systems 
and evaluate their vulnerability to hostile 
interception and exploitation, it has been 
our experience that NSA is very aggressive 
in pursuing this objective. The finaliza- 
tion of the MOU with NSA on the Interface 
of the CIA secure phone system with the NSA 
system was delayed several years because 
NSA Insisted on the right to inspect the 
Agency systen for carpi lance with NSA 
directives. The revision of DCID-1/16 also 
contains language that would permit NSA to 
inspect our telecommunications network to 
ensure canpl iance with NSA standards. NSA 
is unwilling to accept certification from 
the Director, CIA that the Agency Is in 
compliance with national standards without 
an "empirical examination." 


The original draft of the NS DO contained 
the following language in paragraph 11. bi 
"Nothing in this directive shall give the 
NTISSC, the Secretary of Defense, or the 
Director, National Security Agency authority 
to inspect the personnel, facilities, or 
internal operations of other departments and 
agencies without their approval. " This 
wording was changed at the Insistence of the 
Agency representative to the working group 
that prepared the proposed NSDD to ensure 
that any request by Director, NSA to inspect 
Agency facilities was addressed to the 
Director, CIA rather than sane unnamed 
operating official, who might not appreciate 
the indications of such a request. 


CONFIDENTIAL 
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28 October 1983 


MEMORANDUM FOR: 


Director, Planning and Policy Staff 
Chairmen, Security Committee 


FROM: 

SUBJECT: 


Assistant General Counsel 

* 

Proposed Revision of PD— 24, 
Telecommunications Protection Policy 


1. At your request. I have reviewed a proposed NSDD 

. *4-i oA "National Policy on Telecommunications and Automated 
entitled National foiicy on ^ discussed, it does 

information Systems security “ £ " al ptoblens that 

I^ld^elluSl ado^fon of this proposed revision Rather, the 
NSDD raises policy issues that, depending upon ultimate 
resolution? appeal to conflict with existing authorities and 
resoiut , ff Director of Central Intelligence on the 

protection of intelligence sources, methods, and activities. 

*> Tn mv view there are two major issues that must ^e 
addressed in preparing a briefing package for the DDCI on the 
nsdd The first is. the appropriateness of combining 
telecommunications^ecurity and automated information systems 

} security under a single national policy 
(l C.;:,?° P Pa?/ I?this issue involves the selection of an 

irDirictlr? X Nat?onai a i;curi?y d Ag^t?? a Silfhe°Se??|a?eL that 

S ^o a equtti^s Xt Directo^of S3SS ^ ^ 

Intelligence at stake. 

l The second major issue is the extent to which the 
authorities and responsibilities^ ^Director 

In | e i 1 the n NSDD lll Under E?0. 12333 the DCI is responsible to the 

?Ic^?es a S?I? S G??«n^;; dep«;miits D ^d"gencies P ?ha? y process 

° r t t 0 re to n establish e and f maintain security progrfm 

tQ S ensure adequate protection of intelligence information. 


ffrnrr 
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(The DCI has issued a computer security manual prepared by the 
DCI’s Security Committee to establish these computer security 
requirements.) The proposed NSDD could directly affect these 
DCI responsibilities. For example, section 5 provides that the 
Secretary of Defense shall provide minimum security standards 
and doctrine, procure equipment to accomplish the objectives of 
the NSDD, and develop a consolidated program budget each fiscal 
year. Moreover, the NSDD does not clearly respect the DCI’s 
responsibilities for intelligence iiaison, as section 4(b)(3) 
provides for a committee, the NTISSC, to administer matters 
pertaining to the release of sensitive security information, 
techniques and materials to foreign governments (except in 
intelligence operations managed by the DCI), and section 6(b) 
provides that the Director, NSA, is the focal point for 
conducting liaison with foreign governments. These provisions, 
if approved without' 1 change, would affect the role of the DCI 
for the protection of intelligence sources and methods, 
including liaison with foreign governments. (Admittedly, the 
NSDD recognizes DCI’s equities in liaison activities, but falls 
short, I believe, of providing a complete exemption.) That the 
draft contemplates a diminished DCI role is further evidenced 
in section 7 which provides that the DCI shall identify to the 
NTISSC and the Director, NSA, any unique handling requirements 
associated with the protection of sensitive compartmented 
intelligence. The implication is that NSA will have the final 
word in resolving disputes. 

4. In advising the DDCI you may wish to consider a 
dramatic departure from the scheme that has been proposed in 
the NSDD. For example, it might be appropriate to establish a 
senior policy body, such as the steering group that has been 
proposed, that would include the DCI, the Secretary of Defense, 
the Director, OMB, and that would be chaired by the Assistant 
to the President for National Security-Affairs. The President 
could establish a very general national policy but recognize 
that, as with U.S. National. Space Policy, there are three 
distinct interests that must be served: national defense, 
civil, and intelligence. Each of these areas could be governed 
with some degree of independence so long as subject to the 
overall U.S. policy. While, perhaps, an executive agent would 
have to be appointed, there would nevertheless remain a clear 
role for each of these elements to operate in a compartmented 
fashion, thus preserving the integrity of intelligence 
processes and requirements tvhile, through the national policy 
group, attempting to deal with the increasing inter— dependence 
of these areas. While I do not have any particular thoughts on 
how these three different systems could be managed at this 
time, I suggest the NSDD on national space policy could provide 
an appropriate model from which to begin discussions. I 
suggest also that thought be given to any need to address this 
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proposed NSDD in the context of NSDD-97, ''National Security 
Telecommunications Policy", which provides for continuity of 
government and essential functions during wartime. 

5. Clearly a balance must be struck between establishing 
a consistent national approach to these matters and insuring 
appropriate protection for intelligence equities. The 
difficulty in accomplishing this objective arises from the fact 
that, while intelligence interests generally suggest a 
compartmented approach, there inevitably is overlap between 
intelligence and non-intelligence systems. However, a 
resolution of these issues depends not so much upon legal as 
policy concerns. Please do not hesitate to contact me if you 

have any questions or comments. 
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